VehChain: Blockchain Cryptography Decentralized Distributed CAN Bus Security for Intra-Vehicle Control Systems
The U.S. Army GVSC and DoD ground systems continue utilizing Controller Area Network (CAN Bus) communication standards for embedded systems in the Army's manned, unmanned, electric, and autonomous vehicles (EVs, UGVs, UAVs). Due to inherited natures of CAN protocol limitations, these vehicles are vulnerable for cybersecurity attacks while they are connected to external networks. The existing CAN Bus enhanced security solutions require the hardware add-on, CAN Bus protocol modifications, or a centralized security control, which not only cause high cost but also result in backward-incompatibility and a single point of failure.
VehChain is a technology to improve the security of Army ground vehicle systems. As a Blockchain reminiscent solution, VehChain implements reliable CAN Bus message encryption, verification, and error recovery for intra-vehicle communications to provide a means for CAN Bus security. To reduce communication overhead and latency, VehChain is designed based on the nature of CAN Bus, i.e., messages are broadcasted, nodes have no identifiers, and the frame identifier determines the specified node. Distributed message validation at each node secures the CAN bus through MAC, encryption, and key generation reminiscent of Blockchain technology. Each cryptographic key is tied to the CAN frame's identifier, hash (plain-text payload), and hash (previous key). To provide resiliency from corrupting message, a reboot-based recovery approach utilizes CAN's built-in error handling mechanism. Hence, it mitigates the effect of attack propagation bus for ensuring the operational safety, security, and continuity.
VehChain offer several critical design features for Army vehicle security and operations:
- Distributed and decentralized message confidentiality and validation for intra-vehicle communication networks. Avoid single point of failure.
- Easily integration into the CAN Bus through the firmware revisions.
- No additional CAN hardware or data frame alteration is needed. Compatible with legacy vehicle systems (CAN &MilCAN).
- Proactive threat resilience in CAN Bus through self-reboot recovery mechanism.
- Lessen the communication overhead and delay.
VehChain can be utilized for a great range of applications and some of them are Army Ground Vehicle System Center—GSVC, Army Combat Capabilities Development Command (CCDC), U.S. Army Engineering and Support Center (USACE), Mission Enabler Technologies Demonstrator (MET-D) Vehicles, Robotic Combat Vehicles (RCV), Manned Lead Vehicles, Unmanned Vehicles, Unmanned Aerial Vehicle, Unmanned Ground Vehicles, Air force & Navy and other DoD vehicles, and Commercial Vehicles and systems using CAN.Learn More